package com.jiangjiesheng.customfilter;


import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * 解决过滤器中testRole1 = roles["admin","admin1"] 这样为且的权限，可以自定义成或的权限
 * 也可以通过这个注解处理or的权限
 * RequiresPermissions(value = {"permissionOne", "permissionTwo"}, logical = Logical.OR)
 */
public class RolesOrFilter extends AuthorizationFilter {


    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
        Subject subject = getSubject(servletRequest, servletResponse);
        String[] roles = (String[]) o;
        if (roles == null || roles.length == 0) {
            return true;
        }
        for (String role : roles) {
            if (subject.hasRole(role)) {
                return true;
            }
        }
        return false;
    }
}
